Biometrics problem or solution?
|
|
- Arnold Booker
- 5 years ago
- Views:
Transcription
1 Biometrics problem or solution? Summary Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these are technical, and possess technical solutions, however difficult they may be to implement, others are social and cultural. Social and cultural barriers are much more complicated to resolve, and need much more thought by would-be implementers as well as the manufacturers and suppliers before they will succeed. Culturally, one size does not fit all, and that may increase the cost and complexity of solutions. Introduction For some considerable time now the personal identification segment of the IT security industry has been trying to improve on the use of the identifier and password as the means of authenticating the user of an IT service. The problems of managing password based systems, their weaknesses, and the (now) classical ways of attacking or subverting such systems are well documented and need not be considered here. Many consider that such simple authentication measures need to be reinforced, and refer to multi-factor authentication, based upon: - a secret that you know (password); - something that you have (a token); - something that you are (a biometric). In the IT world, probably the most commonly implemented method for token authentication is the SecureID token. (Smart cards for mass transit rail systems and telephone cards are more numerous, although they do not really authenticate the user. Possession of the token authorizes the holder to have a use.) The introduction of advanced security techniques such as public key cryptography (better known as PKI public key infrastructure) has increased the need to be able to store secret information (a private key), because a user could never remember a randomly constructed password that long (RSA 2048 would require you to remember a mere 256 characters worth of information and be able to input it reliably!). The rapid increase in fraud, and in particular credit card fraud, is creating demands for greater security methods than magnetic stripe cards and handwritten signatures offer. This has seen many card issuers issue chip or smart cards which require a password (commonly a four digit PIN) before they can be used. However, these are by no means generally implemented. A spot check on the various cards in my pocket showed only 50% of the various bank/credit cards have chips, whilst none of the others have that facility. info@articsoft.com Page 1 of 5
2 Why move to biometrics? The principle pressure to move to biometrics comes from two sources: the biometric industry and the finance industries. The finance industries are continuing to search for a cost-effective means of reducing fraud. If that means can also be used to prove who authenticated the financial transaction, or could ensure that only the authorized individual could make it, then so much the better. The biometrics industries clearly wish to see their commercial potential fulfilled. Since they form the third pillar of the security authentication process, there is a logical requirement for their services if you need to improve the quality of the security functionality of a system. Exactly how the quality is improved in some mathematical calculation is less clear, although work has been done by the UK security agency CESG to consider how it might be represented. Overall, however, it is obvious enough that using more than one mechanism to authenticate a user is going to make the system stronger provided that the mechanism is effective and not related to any other mechanisms being used. Which biometrics? Biometrics are about measuring specific characteristics of a person, including: - voice; - handwriting; - fingerprint(s); - face; - retina of the eye; - iris of the eye. In an ideal world you want to choose a characteristic of a person that has helpful measuring characteristics such as: - unlikely to change; - likely to prove unique; - not invasive; - difficult to copy or steal and reproduce. If you turn these into a matrix you might get the following results. The measuring characteristics are shown as low, medium, high because not every technique is considered precise. can t change unique invasive copy voice L M L H handwriting M M L M fingerprint M M L M/H face L L L H retina H H H? iris H H M? The desired result is to have H,H, L,L; meaning that they never change, are unique, can be checked without the user feeling they are exposing themselves to any special procedure and are impossible for attackers to copy. info@articsoft.com Page 2 of 5
3 The results of? for copy are given because at this stage there is little reported evidence of trying to capture and reproduce retina and iris prints, whereas the other techniques listed have been subjected to deliberate attacks with publicized results. Are the measuring characteristics precise? Unfortunately when we talk of measuring biometrics we are not talking about the precision of zero or one, but about statistical measures. Samples are taken of the biometric that is being measured, sample points analyzed and compared with information previously captured. This is not, then, the absolute precision that we associate with digital computing, but about matching samples of information to a level that makes us confident that they are identical. The extent to which we can make the measuring method accurate is related to the degree of invasiveness of the measuring method, both when the initial user measurement is made and when the sample is taken. The more precise the measures are, the more likely they are to give the right result. One of the hazards of biometrics is that measurements may often have to be made in less than ideal conditions. Voice is measured against both the ambient background (a supermarket, street, sports hall?), signatures may be checked where someone is standing up (sitting down, leaning, poor shaped pen, wet hands), fingerprints taken when the finger is flat (misaligned, wet, dirty) and facial characteristics checked with glasses (sunglasses, no glasses, color of the ambient light). Measuring systems have to allow for all these hazards and still operate acceptably. Sources of potential error create two measuring levels that biometrics build in to their calculations: false acceptance and false rejection. As these figures imply, the measurement system is set up to allow for errors. Therefore you have to understand that the operation of the system can be tuned to be more or less precise. This is not the same thing as either knowing a secret or not, and not the same as whether you have a card in your possession or not. When you implement a biometric system you may have to think carefully about how accurate it can be in operation. Why does method of operation matter? The method of operation has two distinct components that must be considered: - what the person being authenticated must do to use the service; - what the system operator must do when failure occurs. The person being authenticated must have registered their bio-identity before it can be authenticated. Registration processes can be extremely complicated and very inconvenient for users. This is particularly true if the user being registered is not familiar with what is happening, why it must be done and what safeguards they have over the use to which their bio-identity might subsequently be put. Registration must try to register the biometric as accurately as possible (with respect to the measuring technique being used) or subsequent comparisons will be poor and may create administrative problems. Once the person has been registered you have to think about how their bio-identity is checked and what the context is. info@articsoft.com Page 3 of 5
4 It may be socially acceptable to look into a special device for retina scanning to gain access to a highly secure military establishment when it is part of your function. The same may not be true when standing in line at a supermarket checkout. Also, you may not be able to wear certain types of contact lenses. Similarly it may be acceptable for the police to check your fingerprint(s) when that is required by law but less acceptable to have that demanded to verify a credit card transaction. Voice recognition may be fine if there is a private booth, or if the verification can be done as part of normal conversation, but less so if special number or word sequences have to be called out loudly in public. These are social and cultural factors. In some countries or regions they may be acceptable, in others not. Collecting fingerprints may be unlawful in some countries unless you are an authorized government agency. The fact that it may be acceptable in one location does not mean it will work anywhere else, because the users themselves may refuse to behave in a manner that allows the system to work. Up to now we have been assuming that our bio-identification system is working perfectly, but unfortunately they don t. As pointed out earlier, the information captured during registration may not have been perfect, and the information captured at the point of verification may not be perfect, or may have changed in some way, from how it was presented earlier (ever looked at your passport photograph?). The presence of false acceptance and false rejection means that some of the time (however small) the right person will be rejected and the wrong person could be accepted. The problem for the operator is that the right person will be rejected occasionally by what might be presented as a foolproof system. So what procedures does the operator have to put in place to deal with the situation where a perfectly valid user has been refused? Do you go for best of three and do you lock them out after that? Do you have some other test that you can apply, and, if so, what is it? What is the impact on the user are they a customer that could refuse to use the service again rather than an employee who may not have such luxury of choice. What is the impact on your internal administration in any event, particularly if there is an equipment malfunction that is difficult to detect? These are not problems for the company supplying the basic product. They are problems that the implementer has got to sort out for themselves. The answers are going to vary significantly according to the business purpose being served by the system, so there s no simple solution here until some good experience has been gained in major pilot exercises. info@articsoft.com Page 4 of 5
5 Conclusions Biometrics offer a valuable approach to extending current security technologies that make it far harder for fraud to take place by preventing ready impersonation of the authorized user. However, in order to make use of biometrics we need to register users, a procedure that may be costly, and onerous for users, and we have to have a socially/culturally acceptable means of checking the biometric at the point of authentication. These problems may also give rise to the need for safeguards over the use of the biometric. In using biometrics we must be aware of the fact that they are not measuring perfectly, and that many operational factors may cause them to fail. In such cases administrative procedures to resolve operational failures may need to be put in place to prevent adverse customer reaction, bad publicity and failures in public acceptability. Whilst these failures may not represent a significant proportion of transactions they will have a publicity effect that is far more damaging that all the success gained by the service. Insufficient information from extensive pilot studies exists at the moment to indicate either how best to manage the situation or tune the service to give acceptable financial or anti-fraud results. info@articsoft.com Page 5 of 5
Lecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationAccess Control Biometrics User Guide
Access Control Biometrics User Guide October 2016 For other information please contact: British Security Industry Association t: 0845 389 3889 e: info@bsia.co.uk www.bsia.co.uk Form No. 181 Issue 3 This
More informationStuart Hall ICTN /10/17 Advantages and Drawbacks to Using Biometric Authentication
Stuart Hall ICTN 4040 601 04/10/17 Advantages and Drawbacks to Using Biometric Authentication As technology advances, so must the means of heightened information security. Corporate businesses, hospitals
More informationCSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Biometrics (Something You Are) Professor Lisa Luo Spring 2018 Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors)
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
More informationUser Authentication and Human Factors
CSE 484 / CSE M 584 (Autumn 2011) User Authentication and Human Factors Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationChoosing the Right Credentials Is Easier than You Think
Choosing the Right Credentials Is Easier than You Think Jennifer Toscano, Ingersoll Rand Security Technologies, Portfolio Marketing Manager, Credentials, Readers, Software, and Controls Security is complicated.
More informationThe US Contact Center Decision-Makers Guide Contact Center Performance. sponsored by
The US Contact Center Decision-Makers Guide 2013 Contact Center Performance sponsored by INTRODUCTION AND METHODOLOGY The "US Contact Center Decision-Makers' Guide (2013-6 th edition)" is the major annual
More informationCIS 4360 Secure Computer Systems Biometrics (Something You Are)
CIS 4360 Secure Computer Systems Biometrics (Something You Are) Professor Qiang Zeng Spring 2017 Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors)
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Digital Interconnect Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationSigner Authentication
Signer Authentication WHITE PAPER A common question arises as people migrate to electronic signature and electronic contract execution from paper and ink signatures. How do I know my intended signer is
More informationAuthentication KAMI VANIEA 1
Authentication KAMI VANIEA FEBRUARY 1ST KAMI VANIEA 1 First, the news KAMI VANIEA 2 Today Basics of authentication Something you know passwords Something you have Something you are KAMI VANIEA 3 Most recommended
More informationAUTHENTICATION IN THE AGE OF ELECTRONIC TRANSACTIONS
AUTHENTICATION IN THE AGE OF ELECTRONIC TRANSACTIONS MAC Webinar July 30, 2015 Dave Lott Retail Payments Risk Forum The views expressed in this presentation are those of the presenter and do not necessarily
More informationIdentification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:
Identification, authentication, authorisation Three closely related concepts: Identification and authentication WSPC, Chapter 6 Identification: associating an identity with a subject ( Who are you? ) Authentication:
More informationWhat is a security measure? Types of security measures. What is a security measure? Name types of security measures
TOPIC: Fundamentals of cyber security: Methods to detect and prevent cyber security threats LEARNING OBJECTIVES: What is a security measure? CAPTCHA Biometric security measures Password systems Automatic
More informationLecture 14 Passwords and Authentication
Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Major Portions Courtesy Ryan Cunningham AUTHENTICATION Authentication
More informationLecture 9 User Authentication
Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block
More informationAdvanced Biometric Access Control Training Course # :
Advanced Biometric Access Control Training Course # : 14-4156 Content A. Objectives 5 mins B. History of EAC- 10 mins C. Electronic Access Control in Todays World 20 mins D. Essential Components of Electronic
More informationAuthentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin
Authentication Technology Alternatives Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin Passwords Initial response by security and programming experts to deny access
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationBiometrics. Overview of Authentication
May 2001 Biometrics The process of verifying that the person with whom a system is communicating or conducting a transaction is, in fact, that specific individual is called authentication. Authentication
More informationUser Authentication Best Practices for E-Signatures Wednesday February 25, 2015
User Authentication Best Practices for E-Signatures Wednesday February 25, 2015 Agenda E-Signature Overview Legality, Authentication & Best Practices Role of authentication in e-signing Options and applications
More informationNow there is: Asignio web-based signature authentication.
THE COST OF KYC AND AML Know Your Customer (KYC) technology and Anti-Money Laundering (AML) compliance are crucial elements of modern banking. Financial institutions are trusted to verify and authenticate
More informationPasswords. EJ Jung. slide 1
Passwords EJ Jung slide 1 Basic Problem? How do you prove to someone that you are who you claim to be? Any system with access control must solve this problem slide 2 Many Ways to Prove Who You Are What
More informationThe Future of Authentication
The Future of Authentication Table of Contents Introduction Facial Recognition Liveness Detection and Multimodal Biometrics FIDO: Standards-Based, Password-Free Authentication Biometric Authentication
More informationUsing Biometric Authentication to Elevate Enterprise Security
Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of
More informationHumanAUT Secure Human Identification Protocols
HumanAUT Secure Human Identification Protocols Adam Bender Manuel Blum Nick Hopper The ALADDIN Center Carnegie Mellon University What is HumanAUT?! HumanAUT stands for Human AUThentication " Authentication:
More informationUltraMatch. Standalone Iris Recognition System
UltraMatch Standalone Iris Recognition System Smart LED Utilizes the most accurate biometric recognition technology Color LED shows the proper verification distance Mobile management enabled by wireless
More informationCertificate-based authentication for data security
Technical white paper Certificate-based authentication for data security Table of Contents Introduction... 2 Analogy: A simple checking account... 2 Verifying a digital certificate... 2 Summary... 8 Important
More informationTouch screen. Uses of Touch screen: Advantages of Touch screen: Disadvantages of Touch screen:
Touch screen A touch screen is the only device which works as both an input and an output device. You view the options available to you on the screen (output) and you then use your finger to touch the
More informationBiometric Technologies Signature
Biometric Signature Solutions Presented at the Open House The Standards Institution of Israel 1 WonderNet The leading provider of digital signature solutions Over 5 million current users Cutting edge technologies:
More informationGuide to Speaker Verification & Voice Biometrics
Guide to Speaker Verification & Voice Biometrics ICR Speech Solutions & Services The Engine House Ashley Lane, Saltaire West Yorkshire BD17 7DB Tel: 01274 821111 e-mail: info@icr3s.co.uk www.icr3s.co.uk
More informationDistributed Systems. Smart Cards, Biometrics, & CAPTCHA. Paul Krzyzanowski
Distributed Systems Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution
More informationFAQ: Privacy, Security, and Data Protection at Libraries
FAQ: Privacy, Security, and Data Protection at Libraries This FAQ was developed out of workshops and meetings connected to the Digital Privacy and Data Literacy Project (DPDL) and Brooklyn Public Library
More informationSurvey Guide: Businesses Should Begin Preparing for the Death of the Password
Survey Guide: Businesses Should Begin Preparing for the Death of the Password Survey Guide: Businesses Should Begin Preparing for the Death of the Password The way digital enterprises connect with their
More informationEvaluating Alternatives to Passwords
Security PS Evaluating Alternatives to Passwords Bruce K. Marshall, CISSP, IAM Senior Security Consultant bmarshall@securityps.com Key Topics Key Presentation Topics Authentication Model Authenticator
More informationEADS up. stop think connect
EADS up stop think connect You text, you play games, you share photos and video. You update your status, you post comments, you probably spend some time in a virtual world. Being online connected through
More informationThe Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication
White Paper The Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication Table of contents Introduction... 2 Password protection alone is no longer enough...
More informationHassle-free banking in the DIGITAL AGE through NEXT-GEN. Technologies W H I T E PA P E R
Hassle-free banking in the DIGITAL AGE through NEXT-GEN Technologies W H I T E PA P E R Experience smooth transactions with the new generation of banking and payments using facial recognition. Financial
More informationIn this unit we are continuing our discussion of IT security measures.
1 In this unit we are continuing our discussion of IT security measures. 2 One of the best security practices in Information Security is that users should have access only to the resources and systems
More informationChapter 3: User Authentication
Chapter 3: User Authentication Comp Sci 3600 Security Outline 1 2 3 4 Outline 1 2 3 4 User Authentication NIST SP 800-63-3 (Digital Authentication Guideline, October 2016) defines user as: The process
More informationBio-FactsFigures.docx Page 1
Above shows the G6-BIO-B (Beige case) and the G6-BIO-G (Grey case). Bio-FactsFigures.docx Page 1 Table of Contents 1. Biometric Concepts... 3 1.1. Is it possible to trick the sensor?... 3 1.2. Would a
More informationSmart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationSumy State University Department of Computer Science
Sumy State University Department of Computer Science Lecture 1 (part 2). Access control. What is access control? A cornerstone in the foundation of information security is controlling how resources are
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationSmart Cards and Biometrics in Privacy- Sensitive Secure Personal Identification Systems
Smart Cards and Biometrics in Privacy- Sensitive Secure Personal Identification Systems A Smart Card Alliance Report Publication Date: May 2002 Publication Number: ID-02001 Smart Card Alliance 191 Clarksville
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationAuthentication Objectives People Authentication I
Authentication Objectives People Authentication I Dr. Shlomo Kipnis December 15, 2003 User identification (name, id, etc.) User validation (proof of identity) Resource identification (name, address, etc.)
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationFederated Authentication for E-Infrastructures
Federated Authentication for E-Infrastructures A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended
More informationPage 1 of 6 Bank card and cheque fraud
Page 1 of 6 happens when criminals steal your cards or chequebook and gain access to funds in your account. More about bank card and cheque fraud Criminals steal your bank cards or cheque book; or they
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationSignature Verification Why xyzmo offers the leading solution
Dynamic (Biometric) Signature Verification The signature is the last remnant of the hand-written document in a digital world, and is considered an acceptable and trustworthy means of authenticating all
More informationFederated authentication for e-infrastructures
Federated authentication for e-infrastructures 5 September 2014 Federated Authentication for E-Infrastructures Jisc Published under the CC BY 4.0 licence creativecommons.org/licenses/by/4.0/ Contents Introduction
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More information===============================================================================
We have looked at how to use public key crypto (mixed with just the right amount of trust) for a website to authenticate itself to a user's browser. What about when Alice needs to authenticate herself
More informationNewcomer Finances Toolkit. Fraud. Worksheets
Newcomer Finances Toolkit Fraud Worksheets Ottawa Community Loan Fund Fonds d emprunt Communautaire d Ottawa 22 O Meara St., Causeway Work Centre, Ottawa, ON K1Y 4N6 Tel: 613-594-3535 Fax: 613-594-8118
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationImplementing Electronic Signature Solutions 11/10/2015
Implementing Electronic Signature Solutions 11/10/2015 Agenda Methodology, Framework & Approach: High-Level Overarching Parameters Regarding Electronic Service Delivery Business Analysis & Risk Assessment
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationUser Authentication. Tadayoshi Kohno
CSE 484 / CSE M 584 (Spring 2012) User Authentication Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others
More informationHow. Biometrics. Expand the Reach of Mobile Banking ENTER
How Biometrics Expand the Reach of Mobile Banking ENTER Table of Contents 01 The Mobile Banking Opportunity 02 What s Suppressing Mobile Adoption? 03 Onboarding Challenges: Proving One s Identity 04 Authentication
More informationLecture 41 Blockchain in Government III (Digital Identity)
Blockchains Architecture, Design and Use Cases Prof. Sandip Chakraborty Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture 41 Blockchain in Government III
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/1516/ Chapter 4: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/1516/ Chapter 4: 1 Chapter 4: Identification & Authentication Chapter 4: 2 Agenda User authentication Identification & authentication Passwords
More informationAuthentication & Authorization
Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationCharter Pacific Biometrics Acquisition
Charter Pacific Biometrics Acquisition Charter Pacific Biometrics Acquisition Charter Pacific has executed a Share Purchase Agreement to acquire 100% of Microlatch. Charter Pacific/Microlatch has a patent
More informationPALM VEIN TECHNOLOGY
Palm Vein Technology 1 SRI VASAVI ENGINEERING COLLEGE Pedatadepalli, West Godavari Dist, A.P Department of Electrical & Electronics Engineering SEMINAR ON PALM VEIN TECHNOLOGY (TOUCHING THE PERFECTION)
More informationSecuring Americans Identities: The Future of the Social Security Number
Cha : Testimony, SASC 04 /25 /2017 1 Statement Before the House Ways and Means Subcommittee on Social Security Securing Americans Identities: The Future of the Social Security Number A Testimony by: James
More informationNew Paradigms of Digital Identity:
A Telefonica White Paper New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) February 2016 1. Introduction The concept of identity has always been the key factor
More informationVOICE BIOMETRICS. estilo de subtítulo del patrón Solutions
VOICE BIOMETRICS Haga clic Vicorp para modificar Speech el Biometric estilo de subtítulo del patrón Solutions VICORP SPEECH TECHNOLOGY UK based since 1989 with international partners - Specialising in
More informationKuppingerCole Whitepaper. by Dave Kearns February 2013
KuppingerCole Whitepaper by Dave Kearns February 2013 KuppingerCole Whitepaper Using Information Stewardship within by Dave Kearns dk@kuppingercole.com February 2013 Content 1. Summary... 3 2. Good information
More informationPalm Vein Technology
Technical Paper Presentation On Palm Vein Technology (Security Issue) Hyderabad Institute of Technology And Management ABSTRACT Identity verification has become increasingly important in many areas of
More informationComputer Security Policy
Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationVoice. The lost piece of the BYOD puzzle.
Voice. The lost piece of the BYOD puzzle. Contents What s wrong with BYOD? 3 The issue of intimacy 4 How voice got left out of the picture 5 Why voice will always be big for business 6 Introducing smartnumbers
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationRapid Software Testing Guide to Making Good Bug Reports
Rapid Software Testing Guide to Making Good Bug Reports By James Bach, Satisfice, Inc. v.1.0 Bug reporting is a very important part of testing. The bug report, whether oral or written, is the single most
More informationCitizen Biometric Authentication based on e-document verification. e-government perspective. Mindshare Ruslans Arzaniks Head of Development
Citizen Biometric Authentication based on e-document verification. e-government perspective. Mindshare 2017 Ruslans Arzaniks Head of Development About us WHO WE ARE X Infotech is a global provider of software
More informationStrategic White Paper
Strategic White Paper Automated Handwriting Recognition Takeaways In this paper you ll learn: How recognition works, accuracy, applications and benefits Differences between earlier ICR programs and more
More informationSmart Card and Biometrics Used for Secured Personal Identification System Development
Smart Card and Biometrics Used for Secured Personal Identification System Development Mădălin Ştefan Vlad, Razvan Tatoiu, Valentin Sgârciu Faculty of Automatic Control and Computers, University Politehnica
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS In order to better assist you with the transition to our new home banking service, we wanted to provide you with a list of anticipated questions and things that may need your
More informationDistributed Systems. Smart Cards, Biometrics, & CAPTCHA. Paul Krzyzanowski
Distributed Systems Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski pxk@cs.rutgers.edu ds@pk.org Except as otherwise noted, the content of this presentation is licensed under the Creative Commons
More informationFSN-PalmSecureID-for ATM Machines
T he application of biometric solutions in ATMs and electronic point-of-sale solutions provide a high- security environment. By using a smartcard, on which the client's unique palm vein pattern is stored,
More informationBiometrics: The Password You ll Never Forget
1 Biometrics: The Password You ll Never Forget R.D. McDowall, McDowall Consulting, Bromley, Kent, UK. In the last Pharmaceutical File (1) we discussed electronic signatures and logical security within
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication: Beyond Passwords
HW2 Review CS 166: Information Security Authentication: Beyond Passwords Prof. Tom Austin San José State University Biometrics Biometric Something You Are You are your key ¾ Schneier Examples Fingerprint
More informationEBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS
EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks
More information